From 8309771a1c90497a9d2824fca530e51f12c9ed99 Mon Sep 17 00:00:00 2001
From: Evilham
Date: Mon, 8 Aug 2022 09:40:51 +0200
Subject: [PATCH] [sso-avatars] Also use env var for minio container From minio's documentation: - MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively - In order to rotate secrets we only need to change MINIO_ROOT_{USER,PASSWORD} Using this commit and the previous one affecting keycloak we can use per-instance keys as opposed to the current state. In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must be set to the desired values. The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are: > Specify a unique, random, and long string for both the ACCESSKEY and > SECRETKEY. Your organization may have specific internal or regulatory > requirements around generating values for use with access or secret keys. See: - https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY - https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
---
 dd-sso/docker-compose-parts/avatars.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/dd-sso/docker-compose-parts/avatars.yml b/dd-sso/docker-compose-parts/avatars.yml
index 009fd45..aecc565 100644
--- a/dd-sso/docker-compose-parts/avatars.yml
+++ b/dd-sso/docker-compose-parts/avatars.yml
@@ -28,11 +28,9 @@ services:
 - ${DATA_FOLDER}/avatars:/data
 - ${SRC_FOLDER}/avatars:/root/.minio
 environment:
- - MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
- - MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ - MINIO_ROOT_USER=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
+ - MINIO_ROOT_PASSWORD=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
 restart: unless-stopped
- # depends_on:
- # - ${KEYCLOAK_DB_ADDR}
 command: "server /data"
 networks:
 - dd_net
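Review bot: The `:-` fallbacks on the two added `environment` entries keep the widely published example key pair as the MinIO root credentials, so an instance where `AVATARS_ACCESS_KEY` or `AVATARS_SECRET_KEY` is unset or empty still starts with a known root login and nothing reports it. Compose's required-variable form turns that misconfiguration into a startup error: `- MINIO_ROOT_USER=${AVATARS_ACCESS_KEY:?AVATARS_ACCESS_KEY must be set}` and `- MINIO_ROOT_PASSWORD=${AVATARS_SECRET_KEY:?AVATARS_SECRET_KEY must be set}`. If the default has to stay for existing deployments, a comment above the two lines should say that the fallback values are public examples and must be overridden per instance. These variables now define the root account, and the commit message suggests keycloak is given the same pair; if so, a dedicated MinIO user limited to the avatars bucket would reduce what a leaked client key exposes. The service definition begins above the hunk, so whether the MinIO port is published beyond `dd_net` cannot be checked from here.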